A user may store a financial account number in a computing device or digital wallet device for use during a payment transaction. Traditionally, the third party that stores store the financial account number is subject to payment card industry (PCI) compliance. PCI compliance imposes strict rules upon how a third party may store and retrieve a user's financial account number during a payment transaction. This strict compliance imposes a heavy cost for implementing a system.
Alternatively, a third party may store the financial account number as an opaque, encrypted BLOB for which the third party does not possess the encryption key. When an account number is stored in this manner, the third party falls outside of the scope of PCI compliance. The third party may provide the user with access to their financial account information by implementing a client-side decryption of the account number.